TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2021-28148

HIGH
7.5

Beschreibung

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.

CVE Details

CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht3/22/2021
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

grafana:grafana

Schwachen (CWE)

CWE-306

Referenzen

https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724(cve@mitre.org)
https://community.grafana.com/t/release-notes-v6-7-x/27119(cve@mitre.org)
https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/(cve@mitre.org)
https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/(cve@mitre.org)
https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/(cve@mitre.org)
https://grafana.com/products/enterprise/(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20210430-0005/(cve@mitre.org)
https://www.openwall.com/lists/oss-security/2021/03/19/5(cve@mitre.org)
https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724(af854a3a-2127-422b-91ae-364da2661108)
https://community.grafana.com/t/release-notes-v6-7-x/27119(af854a3a-2127-422b-91ae-364da2661108)
https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/(af854a3a-2127-422b-91ae-364da2661108)
https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/(af854a3a-2127-422b-91ae-364da2661108)
https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/(af854a3a-2127-422b-91ae-364da2661108)
https://grafana.com/products/enterprise/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210430-0005/(af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2021/03/19/5(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.